2 matches found
CVE-2022-0647 Bulk Creator <= 1.0.1 - Reflected Cross-Site Scripting
The Bulk Creator WordPress plugin through 1.0.1 does not sanitize and escape the posttype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-0647
CVE-2022-0647 concerns the WordPress plugin Bulk Creator (versions up to 1.0.1). The vulnerability is a straightforward Reflected Cross-Site Scripting caused by the plugin failing to sanitize and escape the post_type parameter before echoing it back on an admin page. The root cause, as described ...